Silence of the Lambs: Inspecting Source Code and Binaries in Continuous Delivery Pipelines
Speaker: Michael Huettermann @Huettermann
For more blog posts, see The Oracle Code One table of contents
- More than one solution.
- First “DevOps” book – Adam Smith – Wealth of Nations – talks about division of labor
- Holistic/shared goals/processes/tools
- Cycle time – across functions, create own definition
- Start with value stream map
- Identify areas for improvements
- Every chain has a bottleneck.
- Consider theory of constraints. Fixing one bottleneck will expose another.
- Consider as doughnuts, not tubes. Want feedback.
- Glue together existing tools.
- Identify stages and quality gates
- ex: continuous build, dev build, RC build, GA build
- “Pushing around binaries is a vintage approach” – should add context info
- Binary repo (Nexus, Artifactory)
- Containerized infrastructure
- Cloud enabled setup
- Continuous Inspection (SonarQube for code, Twistlock for Docker)
- Supporting/cross cutting tools
- Middleware (Tomcat, JBoss)
- Functional monitoring (ELK)
- Automation engine: (Jenkins)
The images were a good case study. While I would have rather have seen a live demo than a video, it was a video the speaker made so pretty equivalent. And he narrated it well.